Just picking up where this column left off last week regarding the Internet of Things (IoT). Internet of Things devices proliferated before anyone would have had a chance to consider whether and how best to regulate them.
As noted previously, IoT devices are revolutionizing personal health, home security and automation, business analytics and many other fields of human activity.
And a growing number of physical objects are being connected to the internet at an unprecedented rate realizing the idea of the Internet of Things.
Today, there’s scant regulatory framework on the use of IoT devices given that IoT is existing in embryonic form.
To lay foundation for considering the current legal problems created by the Internet of Things, it is quite important to figure out a typology of consumer sensors, providing myriad ways in which existing Internet of Things devices generate data about our environment and our lives.
Inherently, the Internet of Things faces unique technical challenges that in turn create four legal problems concerning consent, privacy, informational security, and physical safety. This is the bottom line of discussion.
As pointed out previously, the IoT refers to a complex network of interactive and technical components clustered around three key elements: sensors, informational processors, and actuators. It is this ability of objects to communicate that delivers the power of the IoT.
First is consent. This demonstrates how the Internet of Things intersects with existing moral concepts like informed consent: a device gathers personal information through sensors and communicates that information to some receiver, all without the user necessarily being actively involved.
While this case trades on highly personal information, even more innocuous information—like times and dates of use—are nevertheless both commonly transmitted and morally significant.
Specifically, ‘consent’ should not mean simply assent or merely an affirmative response.
The reason is that stakeholders need to know what they are assenting to, and the informed part adds that component.
To put it in a nutshell, consent is fundamental in both ethics and law. Hence, stakeholders have the right to receive information and ask questions, so that they can make well-informed consent.
Second is privacy. The intersection between privacy to the IoT starts with the observation that devices connected to the IoT collect vast amounts of user data and that data can be analyzed, shared, and so on.
For example, in a widely publicized case, target mined a client’s purchasing habits, predicted that she was pregnant, and send a mailer promoting baby items to her home.
Here, consider using Amazon Echo which, by design, is always listening—how else would it know when you said "Alexa”? And, therefore, it is listening whether someone is using the product or simply talking to their family.
Where that information goes and how it is recorded, processed, and stored raise important ethical questions. Smart homes are routinely communicating information back to manufacturers, not all of which is even encrypted.
Unfortunately, privacy law is not prepared to deal with this threat of easy re-identification of Internet of Things information and instead relies on the outdated assumption that one can usefully distinguish between ‘personally identifiable information’ and de-identified sensor or biometric data.
Third is informational security. Many devices connected to the IoT have limited or no effective information security.
Failure to ensure effective information security has important ramifications for privacy and physical safety, and can effectively invalidate informed consent and undermine trust.
In other words, informational security plays a key role, not just as an intrinsic value, but also instrumentally insofar as it helps secure other moral values as well.
The technical challenge is simple: many Internet of Things products have not been engineered to protect data security.
These devices are often created by consumer-goods manufacturers, not computer software or hardware firms. As a result, data security may not be top of mind for current Internet of Things manufacturers.
In addition, the small form factor and low power and computational capacity of many of these Internet of Things devices makes adding encryption or other security measures difficult.
The writer is a law expert.
The views expressed in this article are of the writer.